Low-Cost Chinese Phone Subsidized by the US Government Found to be Running Unremovable Malware
In the past five years or so, we've seen a meteoric rise in the number of low-cost smartphones in the market. Chinese OEMs such as Xiaomi, Oppo and Vivo, in particular, are responsible for making a lot of them. One often wonders, how can these companies stay in business while decently-specced smartphones at throwaway prices. The answer to that isn't always pretty. Xiaomi, for one, attempts to make some of that money back by showing ads inside of MIUI. Some lesser-known OEMs, unfortunately, take an even more unethical route. Unfortunately, pre-installed malware is still a problem, as demonstrated by Malwarebytes. Unremovable
A study conducted by security research firm Malwarebytes revealed that a low-cost smartphone sold in the US contained unremovable malware. The smartphone model in question is Unimax (UMX) U686CL. It is manufactured in China and sold as a part of Lifeline; a government program that subsidizes phone service for low-income groups. The device came with an app named Wireless Update, which was found to be infected with Adups malware which was first discovered in 2017 by security research firm Kryptowire.
Adups is particularly dangerous because it can install apps on the user's device without their explicit permission. Initially, masqueraded as a firmware update service. The Malwarebytes team said in a statement:
From the moment you log into the mobile device [the UMX U686CL], Wireless Update starts auto-installing apps. There is no user consent collected to do so, no buttons to click to accept the installs, it just installs apps on its own.
Thankfully, none of the apps installed so far have found to be malicious. That is not reassuring at the slightest, considering the service the potential to be used for shady activities. Adups was caught collecting user data via pre-installed apps that can't be removed.
There's yet another piece of Malware hidden inside the phone's settings app
To make matters worse, Malwarebytes found yet another piece of malicious code nested deep within the device's Settings app. It contains a heavily-modified version of the HiddenAds Trojan. Once activated, it bombards the user with ads and makes it difficult to identify which app is displaying them. Malwarebytes says that it was unable to trigger the HiddenAds trojan under test conditions, but maintains that a lot of users have reported otherwise.
Uninstalling the apps isn't an option either
Since both apps in question are 'system' apps, it is impossible to delete them without rooting the device. At best, you can disable the Wireless Update app, but that will render your device incapable of downloading critical security patches and software upgrades. Additionally, not only is it impossible to 'remove' the Settings app, managing to do so would render your phone unmanageable.
Lastly, Malwarebytes adds that the (UMX) U686CL isn't the only budget device that has such issues. Although it hasn't mentioned any names or OEMs, they're very likely manufactured in China by lesser-known manufacturers. The problem is further accentuated by the fact that people who use these devices often don't know any better. After all, a device manufactured by an obscure OEM will be subject to much less scrutiny under the public eye.